After-gate attack on a quantum cryptosystem

TL;DR

This paper demonstrates a method to perform an undetectable attack on quantum key distribution systems by controlling detector events with bright pulses, highlighting vulnerabilities and proposing countermeasures.

Contribution

It introduces an after-gate attack technique on gated quantum detectors and discusses how to modify systems to prevent this vulnerability.

Findings

The attack can transfer detection events without increasing error rates.

Experimental validation on ID Quantique detectors shows feasibility.

Simple implementation changes can mitigate the attack.

Abstract

We present a method to control the detection events in quantum key distribution systems that use gated single-photon detectors. We employ bright pulses as faked states, timed to arrive at the avalanche photodiodes outside the activation time. The attack can remain unnoticed, since the faked states do not increase the error rate per se. This allows for an intercept-resend attack, where an eavesdropper transfers her detection events to the legitimate receiver without causing any errors. As a side effect, afterpulses, originating from accumulated charge carriers in the detectors, increase the error rate. We have experimentally tested detectors of the system id3110 (Clavis2) from ID Quantique. We identify the parameter regime in which the attack is feasible despite the side effect. Furthermore, we outline how simple modifications in the implementation can make the device immune to this attack.